ACS 5.4 different password from enable password

mikik · ‎09-15-2013

Hi:

Is it possible in ACS , in this case 5.4.0.46.3, to force a user to have a different user password and enable password? We want the ACS to hanle both user and enable passwords, but want to be sure that the user has a different password for each and not the same password. Is therre a way in ACS to force different passwords?

Thanks for the help

Mickey

Anas Naqvi · ‎09-24-2013

Hi Mickey,

Try using the option of “System Administration > Users > Authentication Settings > Advanced Tab > Password History”

Password must be different from the previous n versions.

Specifies the number of previous passwords for this user to be compared against. This option prevents the users from setting a password that was recently used. Valid options are 1 to 99.

Jatin Katyal · ‎10-01-2013

Hi Mikik,

When you want this to be triggered, because you can define different user and enable password while creating/adding a user on the ACS locally. Could you please explain?

The below listed link talks about the password complexity options for ACS internal database.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/users_id_stores.html#wp1131174

Note, that there is a switch in 'system administration -> users -> authentication settings -> advanced' where one can turn on / off the separate TACACS enable password ('Select whether a separate password should be defined in the user record to store the Enable Password'). I think it is enabled by default.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin